This incident was reported via a comment on this blog. We have not found the malicious advertisement yet, but we can tell you that victims who are caught by the hijack when visiting mayoclinic.com end up being redirected to: quinquecahue.com/swf/gnida.swf?campaign=fabulistor&u=1200910285 We can also tell you that this particular campaign (fabulistor) is coded to NOT trigger when the victim’s computer falls within […]
The bad guys are certainly expanding their stable of advertisements. Both lead victims to malicious quinquecahue.com URLs. More later…
Expedia.com has been infiltrated by a malicious banner advertisement – a new one that I have not seen before. Victim site: Expedia.com (216.251.114.10); SWF host: media.expedia.com; SWF Source: ; Target fraudware domain: scanner2.malware-scan.com; Banned cities, countries and IPs: 199.3.0.0-199.3.255.255, 216.251.0.0-216.251.255.255, 172.30.0.0-172.30.25.255 (note: expedia.com’s IP is banned); IN, IL, UK, AU, FR, IT, CN, JP, DE, ES, MX, AE; colorado, […]
rhapsody.com has been hit by a malicious banner advertisement – rhapsody.com is owned by RealNetworks. Victim site: rhapsody.com (207.188.21.32); SWF host: RealOne / Doubleclick; SWF Source: ; Target fraudware domain: scanner2.malware-scan.com; Banned cities, countries and IPs: 207.188.0.0-207.188.255.255 (note this IP range captures rhapsody.com); newjersey, newyork, california, washington, virginia; paris, aarhus, velizycedex, jarrestr, amsterdam, rotterdam, zaanstad, koogaandezaan, […]
The malware domains we have been featuring have moved on again – they are no longer hosted by Denit Internet Services, Amsterdam. But it looks, this time, like the bad guys need a break from moving to host to host to host [H] akamahi.net (190.15.64.185) (securehost.com); newbieadguide.com (190.15.64.188) (securehost.com); thetechnorati.com (190.15.64.191) (securehost.com); vozemiliogaranon.com (190.15.64.192) (securehost.com) Now remember, there […]
IP 83.149.75.50 detected as subscribing one of my email addresses to a mailing list without permission. Reduce it down to 83.149.75… do a Google search… and what do we find? Connections with malware…. “malwarewipe.com”???? http://board.protecus.de/t25767.htm “http://malwarewipe.com/images/blue-gray-stripe.gif – deleted; http://83.149.75.51/count/l.php?pl=Win32&ce=true&id=rrd – deleted; http://www.surveyswages.com/img/laptop9.gif – deleted” http://dl.web-nexus.net/exclurls.php “83.149.75.” is a blocked IP. Coincidence? What’s cool is that I have […]
Keep ’em coming, friend. *Everything* is traceable eventually. 83.149.75.50 = LeaseWeb AS Amsterdam, Netherlands…. why am I not surprised? The Netherlands has popped up several times in my recent articles about malware domains….
I admit, when I saw the following emails come in I assumed it was the typical “infected computer spewing out emails using me as a reply to” that we are all used to, and delete as a matter of course, until I saw the one from rollins.edu. That seems to be the result of an […]
In order to uninstall Internet Explorer 7 from this system, you can follow the steps below: 1. Uninstall Service Pack 2 for Windows Server 2003 and restart the computer. 2. Uninstall Internet Explorer 7.0 and restart the computer. 3. Reinstall Service Pack 2 for Windows Server 2003. http://support.microsoft.com/default.aspx/kb/948093
Spyware Sucks was linked to by the MCPM (Microsoft Certified Professional Magazine) and the “Redmond Security Watch” email newsletter: http://mcpmag.com/columns/columnist.asp?columnistsid=16 “ESPN Sports Bad Code ESPN’s Soccernet site hosted a malicious advertisement that, ultimately, led to PerformanceOptimizer.com, which in turn displayed numerous popups alleging problems with the victim’s system and offering a solution. Yep — ad networks […]